100

PKI

Public Key Infrastructure. Public Key Infrastructure. Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Certificates include public keys along with details on the owner of the certificate, and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate. A PKI requires a trust model between CAs and most trust models are hierarchical and centralized with a central root CA. 

100

RAD

Rapid Application Development. Rapid Application Development (RAD) in cybersecurity is a methodology for quickly building and updating security applications by using rapid prototyping, iterative development, and user feedback. 

100

RIPEMD

RACE Integrity Primitives Evaluation Message Digest. RACE Integrity Primitives Evaluation Message Digest. A hash function used for integrity. It creates fixed-length hashes of 128, 160, 256, or 320 bits. 

100

SaaS

Software as a Service. Software as a Service. A cloud computing technology that provides applications over the Internet. Web mail is an example of a cloud-based technology. Compare to IaaS and PaaS. 

100

SDLC

Software Development Life Cycle. Software Development Life Cycle. A software development process. Many different models are available. 

100

SLA

Service Level Agreement. Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels. Organizations use SLAs when contracting services from service providers such as Internet Service Providers (ISPs). 

100

SPIM

Spam over Internet Messaging. Spam over Internet Messaging. A form of spam using instant messaging that targets instant messaging users. 

100

TACACS+

Terminal Access Controller Access Control System Plus. Terminal Access Controller Access-Control System+. Provides central authentication for remote access clients and is used as an alternative to RADIUS. TACACS+ uses TCP port 49. It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. It uses multiple challenges and responses. 

100

UDP

User Datagram Protocol. User Datagram Protocol. Used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism. 

100

VDI

Virtual Desktop Infrastructure. Virtualization Desktop Infrastructure. Virtualization software designed to reproduce a desktop operating system as a virtual machine on a remote server. 

100

WIDS

Wireless Intrusion Detection System. Wireless intrusion detection system. An IDS used for wireless networks. 

100

XSS

Cross-site Scripting. Cross-site scripting. Attackers use XSS to capture user information such as cookies. Input validation techniques on the server-side help prevent XSS attacks by blocking HTML and JavaScript tags. Many sites prevent the use of < and > characters to block cross-site scripting. 

200

POODLE

Padding Oracle on Downgrade Legacy Encryption. The Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability is a 2014 cybersecurity flaw in the outdated SSLv3.0 protocol that allows an attacker to decrypt encrypted data by forcing a connection downgrade to SSLv3.0. 

200

RADIUS

Remote Authentication Dial-in User Server. Remote Authentication Dial-In User Service. Provides central authentication for remote access clients. RADIUS uses symmetric encryption to encrypt the password packets and it uses UDP. In contrast, TACACS+ encrypts the entire authentication process and uses TCP. Diameter is an improvement over RADIUS. 

200

ROI

Return of investment or return on investment. A performance measure used to identify when an investment provides a positive benefit to the investor. It is sometimes considered when evaluating the purchase of new security controls.

200

SAML

Security Assertions Markup Language. Security Assertions Markup Language. An XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications. 

200

SDLM

Software Development Life Cycle Methodology. Software Development Life Cycle Methodology. The practice of using a SDLC when developing applications. 

200

SLE

Single Loss Expectancy. Single loss expectancy. The SLE identifies the amount of each loss and is used to measure risk with ALE and ARO in a quantitative risk assessment. The calculation is SLE × ARO = ALE. 

200

SPoF

Single Point of Failure. Single point of failure. An SPOF is any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPS, and generators remove many single points of failure. 

200

TCP/IP

Transmission Control Protocol/Internet Protocol. Transmission Control Protocol/Internet Protocol. Represents the full suite of protocols used on the Internet and most internal networks. 

200

UEFI

Unified Extensible Firmware Interface. Unified Extensible Firmware Interface. A method used to boot some systems and intended to replace Basic Input/Output System (BIOS) firmware. 

200

VLAN

Virtual Local Area Network. Virtual local area network. A VLAN separates or segments traffic. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch. You can also create VLANs with virtual switches. 

200

WIPS

Wireless Intrusion Prevention System. Wireless intrusion prevention system. An IPS used for wireless networks. 

200

802.1x

A port-based authentication protocol. Wireless can use 802.1x. For example, WPA2 Enterprise mode uses an 802.1x server (implemented as a RADIUS server). Enterprise mode requires an 802.1x server. PEAP and EAP-TTLS require a certificate on the 802.1x server. EAP-TLS also uses TLS, but it requires certificates on both the 802.1x server and each of the clients.

300

POP

Post Office Protocol. Post Office Protocol (POP), especially version 3 (POP3), is a standard email protocol for retrieving messages from a server, primarily designed to download emails to a local device. In cybersecurity, its main risk is its traditional, unencrypted operation on port 110, which sends data in plain text and leaves credentials and emails vulnerable. 

300

RAID

Redundant Array of Inexpensive Disks. Redundant array of inexpensive disks. Multiple disks added together to increase performance or provide protection against faults. RAID helps prevent disk subsystems from being a single point of failure. 

300

RMF

Risk Management Framework. A cyber risk management framework is a structured approach to identifying, assessing, managing, and mitigating cyber risks. 

300

SAN

Storage Area Network. Storage Area Network. A specialized network of high-speed storage devices. 

300

SDN

Software Defined Network. Software-Defined Networking (SDN) enhances cybersecurity by separating the network's control and data planes, which allows for centralized, automated management and real-time security policy enforcement. 

300

SMB

Server Message Block. Server Message Block (SMB) is a network protocol for sharing files and printers, but its use in cyber security makes it a frequent target for attackers due to its widespread use in Windows networks and its history of vulnerabilities. 

300

SQL

Structured Query Language. Structured Query Language. Used by SQL-based databases, such as Microsoft SQL Server. Web sites integrated with a SQL database are subject to SQL injection attacks. Input validation with forms and stored procedures help prevent SQL injection attacks. Microsoft SQL Server uses TCP port 1433 by default. 

300

TGT

Ticket Granting Ticket. Ticket Granting Ticket. Used with Kerberos. A KDC (or TGT server) issues timestamped tickets that expire after a certain time period. 

300

UPS

Uninterruptable Power Supply. Uninterruptible power supply. A battery backup system that provides fault tolerance for power and can protect against power fluctuations. A UPS provides short-term power giving the system enough time to shut down smoothly, or to transfer to generator power. Generators provide long-term power in extended outages. 

300

VLSM

Variable Length Subnet Masking. Variable Length Subnet Masking (VLSM) is a network design strategy that uses different-sized subnets within the same network to improve IP address efficiency, network scalability, and resource optimization. 

300

WORM

Write Once Read Many. Write Once Read Many (WORM) is a data storage principle that ensures data, once written, cannot be altered, overwritten, or deleted for a specified period or indefinitely. 

300

ACE

Access Control Entry. Identifies a user or group that is granted permission to a resource. ACEs are contained within a DACL in NTFS.

400

POTS

Plain Old Telephone Service. Plain old telephone service. Voice-grade telephone service using traditional telephone wires. 

400

RAS

Remote Access Server. Remote Access Service. Provides access to an internal network from an outside source location using dial-up or a VPN. 

400

RPO

Recovery Point Objective. Recovery point objective. The recovery point objective (RPO) refers to the amount of data you can afford to lose by identifying a point in time where data loss is acceptable. It is related to RTO and the BIA often includes both RTOs and RPOs. 

400

SAN

Subject Alternative Name. A Subject Alternative Name (SAN) allows a single SSL/TLS certificate to secure multiple domain names, subdomains, and IP addresses. 

400

SED

Self-encrypting Drive. Software-Defined Networking (SDN) enhances cybersecurity by separating the network's control and data planes, which allows for centralized, automated management and real-time security policy enforcement. 

400

SMS

Short Message Service. Short Message Service (SMS) is both a security risk and a security tool. It is widely used for malicious attacks like smishing (SMS phishing), where attackers send fraudulent texts to steal sensitive information. 

400

SRTP

Secure Real-Time Protocol. Secure Real-time Transport Protocol (SRTP) is a security-enhanced version of the Real-time Transport Protocol (RTP) that secures audio and video communications by providing confidentiality, integrity, and replay protection through encryption and authentication. 

400

TKIP

Temporal Key Integrity Protocol. Temporal Key Integrity Protocol. Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA but has been deprecated. WPA2 with CCMP is recommended instead. 

400

URI

Uniform Resource Identifier. Uniform Resource Identifier. Used to identify the name of a resource and always includes the protocol such as http://GetCertifiedGetAhead.com.

400

VM

Virtual Machine. Virtual machine. A virtual system hosted on a physical system. A physical server can host multiple VMs as servers. Virtualization helps reduce the amount of physical equipment required, reducing overall physical security requirements such as HVAC and power. 

400

WPA

WiFi Protected Access. Wi-Fi Protected Access. Replaced WEP as a wireless security protocol without replacing hardware. Originally used TKIP with RC4 and later implementations support AES. Superseded by WPA2. In WPA cracking attacks, attackers capture the four-way authentication handshake and then use a brute force attack to discover the passphrase. 

400

ACK

Acknowledge. A packet in a TCP handshake. In a SYN flood attack, attackers send the SYN packet, but don't complete the handshake after receiving the SYN/ACK packet.

500

PPP

Point-to-Point Protocol. Point-to-Point Protocol. Used to create remote access connections. Used by PAP and CHAP. 

500

RAT

Remote Access Trojan. Remote access tool. Commonly used by APTs and other attackers. A RAT gives an attacker full control over a user's system from a remote location over the Internet. 

500

RSA

Rivest, Shamir, & Adleman. Rivest, Shamir, and Adleman. An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators, Rivest, Shamir, and Adleman. RSA uses both a public key and a private key in a matched pair. 

500

SCADA

System Control and Data Acquisition. Supervisory control and data acquisition. Typically industrial control systems within large facilities such as power plants or water treatment facilities. SCADA systems are often contained within isolated networks that do not have access to the Internet, but are still protected with redundant and diverse security controls. SCADA systems can be protected with NIPS systems and VLANs. 

500

SEH

Structured Exception Handler. Structured Exception Handler. Module within an application that handles errors or exceptions. It prevents applications from crashing or responding to events that can be exploited by attackers. 

500

SMTP

Simple Mail Transfer Protocol. Simple Mail Transfer Protocol. Used to transfer email between clients and servers and between email servers and other email servers. SMTP uses TCP port 25. 

500

SSD

Solid State Drive. Solid State Drive. A drive used in place of a traditional hard drive. An SSD has no moving parts, but instead stores the contents as nonvolatile memory. SSDs are much quicker than traditional drives. 

500

TLS

Transport Layer Security. Transport Layer Security. Used to encrypt data in transit. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates. 

500

URL

Universal Resource Locator. Uniform Resource Locator. A type of URI. Address used to access web resources, such as http://GetCertifiedGetAhead.com. Pop-up blockers can include URLs of sites where pop-ups are allowed. 

500

VoIP

Voice over IP. Voice over IP. A group of technologies used to transmit voice over IP networks. Vishing is a form of phishing that sometimes uses VoIP. 

500

WPA2

WiFi Protected Access 2. Wi-Fi Protected Access II. Security protocol used to protect wireless transmissions. It supports CCMP for encryption, which is based on AES and is stronger than TKIP, which was originally released with WPA. It uses an 802.1x server for authentication in WPA2 Enterprise mode and a preshared key for WPA2 Personal mode, also called WPA2-PSK. 

500

ASCII

American Standard Code for Information Interchange. Code used to display characters.

600

PPTP

Point-to-Point Tunneling Protocol. Point-to-Point Tunneling Protocol. Tunneling protocol used with VPNs. PPTP uses TCP port 1723. 

600

RBAC

Role-based Access Control. Role-based access control. An access control model that uses roles based on jobs and functions to define access and it is often implemented with groups (providing group-based privileges). Often uses a matrix as a planning document to match roles with the required privileges. 

600

RTBH

Remotely Triggered Black Hole. Remotely Triggered Black Hole (RTBH) is a cyber security technique that uses Border Gateway Protocol (BGP) to drop malicious traffic at the network edge before it reaches its target. 

600

SCAP

Security Content Automation Protocol. Security Content Automation Protocol. A set of security specifications for various applications and operating systems. Compliance tools such as vulnerability scanners use these to check systems for compliance. 

600

SFTP

Secured File Transfer Protocol. Secure File Transfer Protocol. An extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using TCP port 22. 

600

SMTPS

Simple Mail Transfer Protocol Secure. Simple Mail Transfer Protocol Secure (SMTPS) is a method for securing email transmissions by using encryption, such as TLS or SSL, to protect the confidentiality and integrity of data in transit. 

600

SSH

Secure Shell. Secure Shell. SSH encrypts a wide variety of traffic such as SCP, SFTP, Telnet, and TCP Wrappers. SSH uses TCP port 22. SSH is a more secure alternative than Telnet. 

600

TOTP

Time-based One-time Password. Time-based One-Time Password. Similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP expire after 30 seconds. 

600

USB

Universal Serial Bus. Universal Serial Bus. A serial connection used to connect peripherals such as printers, flash drives, and external hard disk drives. Data on USB drives can be protected against loss of confidentiality with encryption. Attackers have spread malware through Trojans. 

600

VPN

Virtual Private Network. Virtual private network. Provides access to a private network over a public network such as the Internet. VPN concentrators provide VPN access to large groups of users. 

600

WPS

WiFi Protected Setup. Wi-Fi Protected Setup. Allowed users to easily configure a wireless network, often by using only a PIN. WPS brute force attacks can discover the PIN. 

600

BIND

Berkeley Internet Name Domain. BIND is DNS software that runs on Linux and Unix servers. Most Internet-based DNS servers use BIND.

700

PSK

Pre-shared Key. Preshared key. A secret shared among different systems. Wireless networks support Personal mode, where each device uses the same PSK. In contrast, Enterprise mode uses an 802.1x or RADIUS server for authentication. 

700

RBAC

Rule-based Access Control. Rule-based access control. An access control model that uses rules to define access. Rule-based access control is based on a set of approved instructions, such as an access control list, or rules that trigger in response to an event such as modifying ACLs after detecting an attack. 

700

RTO

Recovery Time Objective. Recovery time objective. An RTO identifies the maximum amount of time it should take to restore a system after an outage. It is derived from the maximum allowable outage time identified in the BIA. 

700

SCEP

Simple Certificate Enrollment Protocol. Simple Certificate Enrollment Protocol. A method of requesting a certificate from a CA. 

700

SHA

Secure Hashing Algorithm. Secure Hash Algorithm. A hashing function used to provide integrity. SHA-1 uses 160 bits, and SHA-256 uses 256 bits. As with other hashing algorithms, SHA verifies integrity. 

700

SNMP

Simple Network Management Protocol. Simple Network Management Protocol. Used to manage and monitor network devices such as routers or switches. SNMP agents report information via notifications known as SNMP traps, or SNMP device traps. SNMP uses UDP ports 161 and 162. 

700

SSID

Service Set Identifier. Service Set Identifier. Identifies the name of a wireless network. Disabling SSID broadcast can hide the network from casual users, but an attacker can easily discover it with a wireless sniffer. It's recommended to change the SSID from the default name. 

700

TPM

Trusted Platform Module. Trusted Platform Module. A hardware chip on the motherboard included on many newer laptops. A TPM includes a unique RSA asymmetric key, and when first used, creates a storage root key. TPMs generate and store other keys used for encryption, decryption, and authentication. TPM provides full disk encryption. 

700

USB OTG

USB On The Go. USB On-The-Go (OTG) poses cybersecurity risks because it allows devices like phones and tablets to act as a host, enabling direct connection to other USB devices such as flash drives, keyboards, or mice. 

700

VTC

Video Teleconferencing. Video teleconferencing. A group of interactive telecommunication technologies that allow people in two or more locations to interact with two-way video and audio transmissions. 

700

WTLS

Wireless TLS. Wireless Transport Layer Security. Used to encrypt traffic for smaller wireless devices. 

700

CIA

Confidentiality, integrity, and availability. These three form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.

800

PTZ

Pan-Tilt-Zoom. Pan tilt zoom. Refers to cameras that can pan (move left and right), tilt (move up and down), and zoom to get a closer or a wider view. 

800

RC4

Rivest Cipher version 4. Rivest Cipher 4. A popular stream cipher. RC4 was implemented incorrectly in WEP, causing vulnerabilities. A rare spelling for RC4 is RSA Variable Key Size Encryption Algorithm. 

800

RTOS

Real-time Operating System. RTOS (real-time operating system) cybersecurity focuses on securing embedded systems that have strict timing requirements. 

800

SCP

Secure Copy. Secure Copy. Based on SSH, SCP allows users to copy encrypted files over a network. SCP uses TCP port 22. 

800

SHTTP

Secure Hypertext Transfer Protocol. Secure Hypertext Transfer Protocol. An alternative to HTTPS. Rarely used. 

800

SOAP

Simple Object Access Protocol. Simple Object Access Protocol (SOAP) is a messaging protocol that can be both a risk and a tool. 

800

SSL

Secure Sockets Layer. Secure Sockets Layer. Used to encrypt data in transit with the use of certificates. SSL is used with HTTPS to encrypt HTTP traffic and can also encrypt SMTP and LDAP traffic. 

800

TSIG

Transaction Signature. Transaction Signature. A method of securely providing updates to DNS with the use of authentication. 

800

UTM

Unified Threat Management. Unified threat management. A security appliance that combines multiple security controls into a single solution. UTM appliances can inspect data streams for malicious content and often include URL filtering, malware inspection, and content inspection components. 

800

WAF

Web Application Firewall. Web application firewall. A firewall specifically designed to protect a web application, such as a web server. A WAF inspects the contents of traffic to a web server, can detect malicious content such as code used in a cross-site scripting attack, and block it. 

800

XML

Extensible Markup Language. Extensible Markup Language. Used by many databases for inputting or exporting data. XML uses formatting rules to describe the data. 

800

CVE

Common Vulnerabilities and Exposures (CVE). A dictionary of publicly known security vulnerabilities and exposures.

900

RA

Recovery Agent. Recovery agent. A designated individual who can recover or restore cryptographic keys. In the context of a PKI, a recovery agent can recover private keys to access encrypted data, or in some situations, recover the data without recovering the private key. In some cases, recovery agents can recover the private key from a key escrow. 

900

RDP

Remote Desktop Protocol. Remote Desktop Protocol. Used to connect to remote systems. Microsoft uses RDP in different services such as Remote Desktop Services and Remote Assistance. RDP uses either port TCP 3389 or UDP 3389. 

900

RTP

Real-time Transport Protocol. Real-time Transport Protocol. A standard used for delivering audio and video over an IP network. 

900

SCSI

Small Computer System Interface. Small Computer System Interface. Set of standards used to connect peripherals to computers. Commonly used for SCSI hard disks and/or tape drives. 

900

SIEM

Security Information and Event Management. Security Information and Event Management. A security system that attempts to look at security events throughout the organization. 

900

SoC

System on Chip. A System on a Chip (SoC) refers to the use of a single integrated circuit to build security features directly into the hardware, creating a dedicated security subsystem with features like secure boot and hardware-based encryption to protect sensitive data and platform integrity. 

900

SSO

Single Sign-on. Single sign-on. Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems. 

900

UAT

User Acceptance Testing. User Acceptance Testing. One of the last phases of testing an application before its release. 

900

UTP

Unshielded Twisted Pair. Unshielded twisted-pair. Cable type used in networks that do not have any concerns over EMI, RFI, or cross talk. If these are a concern, STP is used. 

900

WAP

Wireless Access Point. Wireless access point, sometimes called an access point (AP). Provides wireless clients connectivity to a wired network. Most WAPs use an omnidirectional antenna. You can connect two WLANs together using high-gain directional Yagi antennas. Increasing the power level of a WAP increases the wireless coverage of the WAP. Decreasing the power levels decreases the coverage. 

900

XOR

Exclusive Or. XOR (exclusive or) is a fundamental bitwise operation used in cybersecurity for encryption, obfuscation, and as a building block in more complex protocols. 

900

DACL

Discretionary access control list. List of Access Control Entries (ACEs) in Microsoft NTFS. Each ACE includes a security identifier (SID) and a permission.

1000

RA

Registration Authority. A Registration Authority is a trusted entity that verifies user identities and requests for digital certificates before a Certificate Authority issues them. 

1000

RFID

Radio Frequency Identifier. Radio frequency identification. RFID methods are often used for inventory control. 

1000

S/MIME

Secure/Multipurpose Internet Mail Extensions. Secure/Multipurpose Internet Mail Extensions. Used to secure email. S/MIME provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt email, including the encryption of email at rest and in transit. It uses RSA, with public and private keys for encryption and decryption, and depends on a PKI for certificates. 

1000

SDK

Software Development Kit. A Software Development Kit (SDK) is a collection of tools that helps developers build new security applications, like anti-malware software or identity management systems. 

1000

SIM

Subscriber Identity Module. Subscriber Identity Module. A small smart card that contains programming and information for small devices such as cell phones. 

1000

SPF

Sender Policy Framework. Sender Policy Framework (SPF) is a cyber security email authentication protocol that helps prevent email spoofing by allowing domain owners to publish a list of authorized mail servers in their domain's DNS records. 

1000

STP

Shielded Twisted Pair. Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over TCP port 443. 

1000

UAV

Unmanned Aerial Vehicle. Unmanned Aerial Vehicles (UAVs) are used in cybersecurity for security and surveillance but are also vulnerable to cyber threats like GPS spoofing, hijacking, and jamming. 

1000

VDE

Virtual Desktop Environment. A virtual desktop environment (VDI) in cybersecurity enhances security by centralizing data and applications on remote servers, protecting them from local device compromise and loss. 

1000

WEP

Wired Equivalent Privacy. Wired Equivalent Privacy. Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately WPA2. WEP used RC4 incorrectly making it susceptible to IV attacks, especially when the attacker used packet injection techniques. 

1000

XSRF

Cross-site Request Forgery. Cross-site request forgery. Attackers use XSRF attacks to trick users into performing actions on web sites, such as making purchases, without their knowledge. In some cases, it allows an attacker to steal cookies and harvest passwords. 

1000

DNSSEC

Domain Name System Security Extensions. A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks.